A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottomline.
According to a report from Ponemon Institute and sponsored by Websense, 80 percent of respondents said their company’s leaders do not equate losing confidential data with a potential loss of revenue.
The research also found that respondents find it difficult to keep track of the threat landscape facing their company, with less than half (41 percent) having a good understanding of it.Forty-eight percent said their board-level executives have a subpar understanding of security issues.
“Many people that are responsible for securing their organizations have experienced some level of attacks – even if it was a simple piece of malware that was easily removed,” said Jeff Debrosse, director of security research at Websense. “What isn’t often taken into consideration is that it’s very hard to find a security vendor that can protect organizations from attackers at different (entry) points in a network. This leaves many people feeling as there is some level of inadequacy in existing solutions. Whatever the case may be for security professionals to feel that way, one thing is for sure – we’re getting better at protecting networks and related data and adapting faster than we have in the past.”
Only 37 percent of respondents could say with certainty that their organization lost sensitive or confidential information as a result of a cyber-attack. Thirty-five percent of those who had lost sensitive or confidential information did not know exactly what data had been stolen.
“On average, organizations aren’t aware of the presence of an attacker for several months, oftentimes beyond a year,” Debrosse said. “Once the attacker’s activities have been discovered, forensic analysis will typically show some level of activity that is indicative of an intruder – but only once an organization knows to start looking; hence the importance of detecting anomalies. Since the attackers usually copy, versus destroying or modifying data, it can be difficult to assess the extent of the attacker’s activity after the fact – but there will frequently be telltale signs of some of their movements in the network. The more data organizations hold and secure themselves, the higher the risk of being attacked – especially if it is customer information, IP or financial records, in that order of precedence.”
Fifty-seven percent of respondents do not think their organization is protected from advanced cyber-attacks, and 63 percent doubt they can stop the exfiltration of confidential information. Nearly 70 percent believe cybersecurity threats sometimes fall through the cracks of their companies’ existing security systems.
According to the survey, 44 percent of the companies represented in this research experienced one or more substantial cyber-attacks in the past year. Fifty-nine percent of the companies meanwhile do not have adequate intelligence or are unsure about attempted attacks and their impact.
“While there are significant differencesamong countries for specific questions (such as availability of cyber attack intelligence), the overall analysis indicates that a majority of security professionalsdo not feel adequately armed to defend their organizations from threats,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “This challenge is further compounded by a perception that company leaders do not believe that data breaches will lead to loss of revenue. Our research has shown this is simply untrue.”
Brian Prince is a Contributing Writer for SecurityWeek.Previous Columns by Brian Prince:Company Leaders Misjudge Impact of Data Loss on Revenues: ResearchSiemens Patching Industrial Products Affected by Heartbleed Money Launders Look to Online Casinos: ReportFBI Issues Warning to Healthcare Industry on Cyber Security: ReportMozilla Creates $10K Bug Bounty Program for New Certificate Verification Library
Tags: NEWS INDUSTRY